[Tickets #7646] Driver 'file' fails to open files with '..' anywhere in name
bugs at horde.org
Wed Nov 5 22:23:59 UTC 2008
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/7646
------------------------------------------------------------------------------
Ticket | 7646
Created By | andrew at aklabs.net
Summary | Driver 'file' fails to open files with '..' anywhere in name
Queue | Gollem
Version | 1.0.3
Type | Bug
State | Unconfirmed
Priority | 2. Medium
Milestone |
Patch | 1
Owners |
+New Attachment | file.php.patch
------------------------------------------------------------------------------
andrew at aklabs.net (2008-11-05 17:23) wrote:
This may already be fixed upstream in latest head, and if so, please
forgive. I am using 1.0.3 because it's what's in Ubuntu 8.04 LTS's
repository as of the latest apt-get update.
When using the 'file' VFS driver on a Linux host using Horde 3.1.7,
IMP H3 4.1.4 and Gollem H3 1.0.3, users are unable to open (or attach
to IMP outgoing messages) any files that contain '..' anywhere in the
file name. Test case:
Create a file in a VFS share with the filename 'test.pdf'. Opens correctly.
Rename the file to 'test..pdf'. The file will silently fail to attach
to IMP messages, and will fail to view with the following error:
-------------------------------------------------
Warning: file_get_contents(/vfsdir/horde//filepdf)
[function.file-get-contents]: failed to open stream: No such file or
directory in /usr/share/horde3/lib/VFS/file.php on line 82
Warning: Cannot modify header information - headers already sent by
(output started at /usr/share/horde3/lib/VFS/file.php:82) in
/usr/share/horde3/lib/Horde/Browser.php on line 978
Warning: Cannot modify header information - headers already sent by
(output started at /usr/share/horde3/lib/VFS/file.php:82) in
/usr/share/horde3/lib/Horde/Browser.php on line 984
Warning: Cannot modify header information - headers already sent by
(output started at /usr/share/horde3/lib/VFS/file.php:82) in
/usr/share/horde3/lib/Horde/Browser.php on line 1003
-----------------------------------------------
Solution: I opened up /usr/share/horde3/lib/VFS/file.php and found the
error inside of _getNativePath where '..' is replaced with ''. The
reason for this is obvious (security), but the method failed to take
into account situations like this where the user just accidentally put
two ..'s before an extension. I replaced the str_replace call with an
ereg_replace call to only do this at the beginning of the filename.
Works like a charm. I tried naming files things like
'../sneakyfile.pdf' and such, and gollem wasn't freaked out by any
tests I could do.
Patch is attached to bug report in unified diff format.
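The report above describes a sanitizer that deletes every '..' substring from a filename, which is why 'test..pdf' turns into a name that does not exist on disk. The following is an added example, not Horde's VFS code and not the reporter's attached patch (which is not reproduced in this message). It puts the substring-stripping approach next to a reject-instead-of-rewrite check that validates each path component and only then joins it under the share root. Function names and the sample filenames are hypothetical, constructed for the illustration.

```php
<?php
// Added example (not Horde code). Two ways of handling '..' in a VFS name.

// Approach described in the report: blank out every '..' substring.
// This silently rewrites legitimate names such as 'test..pdf' to 'testpdf'.
function stripDotDot(string $name): string
{
    return str_replace('..', '', $name);
}

// A single filename component may not be empty, '.', or '..', and may not
// contain a path separator or a NUL byte. Dots anywhere else are fine.
function isSafeFilename(string $name): bool
{
    if ($name === '' || $name === '.' || $name === '..') {
        return false;
    }
    // strpbrk() returns false only if none of the listed bytes occur.
    return strpbrk($name, "/\\\0") === false;
}

// A relative directory path is split into components and each one is
// checked with isSafeFilename(). Absolute paths and empty components
// ('a//b') are rejected rather than normalised.
function isSafeRelativePath(string $path): bool
{
    $path = rtrim($path, '/');
    if ($path === '') {
        return true; // share root
    }
    if ($path[0] === '/') {
        return false;
    }
    foreach (explode('/', $path) as $part) {
        if (!isSafeFilename($part)) {
            return false;
        }
    }
    return true;
}

// Build the on-disk path only after both parts have been validated.
// Returns null instead of a rewritten path when validation fails.
function nativePath(string $root, string $path, string $name): ?string
{
    if (!isSafeRelativePath($path) || !isSafeFilename($name)) {
        return null;
    }
    $dir = rtrim($path, '/');
    return rtrim($root, '/') . ($dir === '' ? '' : '/' . $dir) . '/' . $name;
}

// Constructed inputs: the two names from the report plus traversal attempts.
$root  = '/vfsdir/horde';
$cases = [
    ['', 'test.pdf'],               // legitimate
    ['', 'test..pdf'],              // legitimate, broken by stripDotDot()
    ['', '../sneakyfile.pdf'],      // traversal in the filename
    ['docs/../..', 'passwd'],       // traversal in the directory part
    ['a..b', 'c.txt'],              // dots inside a directory name, legitimate
];

foreach ($cases as [$path, $name]) {
    $stripped = stripDotDot($name);
    $native   = nativePath($root, $path, $name);
    printf("%-12s %-20s strip=>%-18s validate=>%s\n",
        $path === '' ? '(root)' : $path,
        $name,
        $stripped,
        $native ?? 'REJECTED');
}
```

Run with `php example.php`. The stripping function maps 'test..pdf' to 'testpdf' (the failure in the report) while letting '../sneakyfile.pdf' through as '/sneakyfile.pdf', a different name than the user asked for; the validating version returns the unchanged name for both legitimate cases and rejects the two traversal attempts outright. Rejecting is the safer design in general: a filter that rewrites its input has to be reasoned about for every name it changes, whereas a filter that only accepts or refuses never alters the meaning of a valid name.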